This listing of claims replaces all prior versions, and
listings of claims in the instant application:

Listing of Claims:

1.-29. (Cancelled) 

30. (Currently Amended) A small footprint device
comprising:

at least one processing element configured to execute
groups of one or more program modules in separate
contexts, wherein said separate contexts are included in a
runtime environment and further wherein said runtime
environment includes an operating system where said
separate contexts are removed from and over said operating
system,

wherein said one or more program modules 
comprising zero or more sets of executable 
instructions and zero or more sets of data 
definitions, 

said zero or more sets of executable 
instructions and said zero or more data definitions 
grouped as object definitions, and 

each context comprising a protected object 
instance space such that at least one of said object 
definitions is instantiated in association with a 
particular context; 

a memory comprising instances of objects; 

a context barrier, in said runtime environment and
removed from and over said operating system, for
separating and isolating said contexts, said context
barrier configured for controlling execution of at least
one instruction of one of said zero or more sets of
instructions comprised by a program module based at least 
in part on whether said at least one instruction is 
executed for an object instance associated with a first 
one of said separate contexts and whether said at least 
one instruction is requesting access to an instance of an 
object definition associated with a second one of said 
separate contexts, said context barrier further configured 
to prevent said access if said access is unauthorized and 
enable said access if said access is authorized; and 

an entry point object, in said runtime environment
and removed from and over said operating system, for 
permitting one program module to access information from 
another program module across said context barrier. 



31. (Previously Presented) The small footprint device of 
claim 30 in which said context barrier allocates separate name 
spaces for each program module. 

32. (Previously Presented) The small footprint device of 
claim 30 in which at least two program modules can access said 
entry point object even though they are located in different 
respective name spaces. 

33. (Previously Presented) The small footprint device of 
claim 30 in which said context barrier allocates separate 
memory spaces for each program module. 

34. (Previously Presented) The small footprint device of 
claim 33 in which at least two program modules can access said 
entry point object even though they are located in different 
respective memory spaces. 



GUNNISON, McKAY & HODGSON, L.L.P.
Garden West Office Plaza
1900 Garden Road, Suite 220
Monterey, CA 93940

(831) 655^80 
Fax (831) 655-0888






Appl. No. 10/659,554 

Amdt. dated January 25, 2008 

Reply to Advisory Action of December 14, 2007 



35. (Previously Presented) The small footprint device of 
claim 30 in which said context barrier enforces security checks
on at least one of a principal, an object, and an action. 

36. (Previously Presented) The small footprint device of 
claim 35 in which at least one security check is based on
partial name agreement between a principal and an object.

37. (Previously Presented) The small footprint device of 
claim 36 in which at least one program can access said entry
point object without said at least one security check. 

38. (Previously Presented) The small footprint device of 
claim 35 in which at least one security check is based on 
memory space agreement between a principal and an object. 

39. (Previously Presented) The small footprint device of 
claim 38 in which at least one program can access said entry 
point object without said at least one security check. 

40. (Previously Presented) The small footprint device of 
claim 30 wherein an object instance is associated with a 
context by recording the name of said context in a header of 
said object instance, information in said header inaccessible 
to said one or more program modules. 

41. (Previously Presented) The small footprint device of
claim 30 wherein 

said memory comprises object header data, said object 
header data comprising information associated with at 
least one of said instances of objects; and 

said controlling execution is based at least in part 
on said object header data. 

42. (Previously Presented) The small footprint device of
claim 30 wherein 

said memory is partitioned into a plurality of memory 
spaces with instances of objects allocated for storage in 
one of said plurality of storage spaces; and 

said controlling execution is based at least in part 
on determining the storage space allocated to an executing 
object instance and an accessed object instance. 

43. (Currently Amended) A method of operating a small 
footprint device that includes a processing machine, wherein 
program modules are executed on the processing machine, the 
method comprising: 

separating contexts using a context barrier, said 
context barrier configured for controlling execution of at 
least one instruction of one of zero or more sets of 
instructions comprised by a program module based at least
in part on whether said at least one instruction is 
executed for an object instance associated with a first 
one of said separate contexts and whether said at least 
one instruction is requesting access to an instance of an 
object definition associated with a second one of said 
separate contexts, wherein said separate contexts and said 
context barrier are included in a runtime environment and 
further wherein said runtime environment includes an 
operating system where said separate contexts and said 
context barrier are removed from and over said operating 
system, 

said separating further comprising: 

preventing said access if said access is 
unauthorized; and 

enabling said access if said access is
authorized; 

executing groups of one or more program modules in 
separate contexts, said one or more program modules 
comprising zero or more sets of executable instructions 
and zero or more sets of data definitions, said zero or 
more sets of executable instructions and said zero or more 
data definitions grouped as object definitions, each
context comprising a protected object instance space such 
that at least one of said object definitions is 
instantiated in association with a particular context; and 

permitting access to information across said context 
barrier using an entry point object wherein said entry 
point object is in said runtime environment and is removed 
from and over said operating system.

44. (Previously Presented) The method of claim 43 
wherein an object instance is associated with a context by 
recording the name of said context in a header of said object 
instance, information in said header inaccessible to said one 
or more program modules. 

45. (Previously Presented) The method of claim 43 
wherein said controlling execution is based at least in part on 
object header data comprising information associated with at 
least one of said instances of objects. 

46. (Previously Presented) The method of claim 43
wherein 

a memory of said small footprint device is 
partitioned into a plurality of memory spaces with 
instances of objects allocated for storage in one of said 
plurality of storage spaces; and 

said controlling execution is based at least in part
on determining the storage space allocated to an executing 
object instance and an accessed object instance. 

47. (Currently Amended) A method of permitting access to
information on a small footprint device from a first program 
module to a second program module separated by a context 
barrier, said small footprint device comprising: 

at least one processing element configured to execute 
groups of one or more program modules in separate 
contexts, said one or more program modules comprising zero 
or more sets of executable instructions and zero or more 
sets of data definitions, said zero or more sets of 
executable instructions and said zero or more data 
definitions grouped as object definitions, each context 
comprising a protected object instance space such that at 
least one of said object definitions is instantiated in 
association with a particular context wherein said 
separate contexts are included in a runtime environment 
and further wherein said runtime environment includes an 
operating system where said separate contexts are removed 
from and over said operating system;

a memory comprising instances of objects; and 
a context barrier, in said runtime environment and
removed from and over said operating system, for 
separating and isolating said contexts, said context 
barrier configured for controlling execution of at least 
one instruction of one of said zero or more sets of 
instructions comprised by a program module based at least 
in part on whether said at least one instruction is 
executed for an object instance associated with a first 
one of said separate contexts and whether said at least 
one instruction is requesting access to an instance of an 
object definition associated with a second one of said
separate contexts, said context barrier further configured 
to prevent said access if said access is unauthorized and 
enable said access if said access is authorized, the 
method comprising: 

creating an entry point object, in said runtime
environment and removed from and over said operating
system, which may be accessed by at least two program
modules; and

using said entry point object to permit access
to information across said context barrier.



48. (Previously Presented) The method of claim 47 
wherein an object instance is associated with a context by 
recording the name of said context in a header of said object 
instance, information in said header inaccessible to said one 
or more program modules. 

49. (Previously Presented) The method of claim 47 
wherein said controlling execution is based at least in part on 
object header data comprising information associated with at 
least one of said instances of objects. 

50. (Previously Presented) The method of claim 47 
wherein 

a memory of said small footprint device is 
partitioned into a plurality of memory spaces with 
instances of objects allocated for storage in one of said 
plurality of storage spaces; and 

said controlling execution is based at least in part 
on determining the storage space allocated to an executing 
object instance and an accessed object instance. 

51. (Currently Amended) A computer program product,
comprising: 

a memory storage medium; and 
a computer controlling element comprising 
instructions for implementing a context barrier on a small 
footprint device and for bypassing said context barrier 
using an entry point object, wherein said context barrier 
and said entry point object are included in a runtime 
environment and further wherein said runtime environment 
includes an operating system where said context barrier 
and said entry point are removed from and over said 
operating system, said small footprint device comprising: 

at least one processing element configured to execute 
groups of one or more program modules in separate 
contexts, said one or more program modules comprising zero 
or more sets of executable instructions and zero or more 
sets of data definitions, said zero or more sets of 
executable instructions and said zero or more data 
definitions grouped as object definitions, each context 
comprising a protected object instance space such that at 
least one of said object definitions is instantiated in 
association with a particular context where said separate 
contexts are included in said runtime environment and are 
removed from and over said operating system;

a memory comprising instances of objects; and 
a context barrier for separating and isolating said 
contexts, said context barrier configured for controlling 
execution of at least one instruction of one of said zero 
or more sets of instructions comprised by a program module 
based at least in part on whether said at least one 
instruction is executed for an object instance associated 
with a first one of said separate contexts and whether 
said at least one instruction is requesting access to an 
instance of an object definition associated with a second
one of said separate contexts, said context barrier 
further configured to prevent said access if said access 
is unauthorized and enable said access if said access is 
authorized. 



52. (Cancelled)

53. (Currently Amended) A computer program product,
comprising: 

a memory storage medium; and 
a computer controlling element comprising 
instructions for separating a plurality of programs on a 
small footprint device by running them in respective 
contexts and for permitting one program to access 
information from another program by bypassing a context 
barrier using an entry point object, wherein said context 
barrier and said entry point object are included in a 
runtime environment and further wherein said runtime 
environment includes an operating system where said 
context barrier and said entry point are removed from and 
over said operating system, said small footprint device 
comprising: 

at least one processing element configured to execute 
groups of one or more program modules in separate 
contexts, said one or more program modules comprising zero 
or more sets of executable instructions and zero or more 
sets of data definitions, said zero or more sets of 
executable instructions and said zero or more data 
definitions grouped as object definitions, each context 
comprising a protected object instance space such that at 
least one of said object definitions is instantiated in 
association with a particular context where said separate
contexts are included in said runtime environment and are
removed from and over said operating system;

a memory comprising instances of objects; and 
a context barrier for separating and isolating said 
contexts, said context barrier configured for controlling 
execution of at least one instruction of one of said zero 
or more sets of instructions comprised by a program module 
based at least in part on whether said at least one 
instruction is executed for an object instance associated 
with a first one of said separate contexts and whether 
said at least one instruction is requesting access to an 
instance of an object definition associated with a second 
one of said separate contexts, said context barrier 
further configured to prevent said access if said access 
is unauthorized and enable said access if said access is 
authorized. 



54. (Cancelled) 

55. (Cancelled) 



56. (Cancelled) 



57. (Currently Amended) A method of transmitting code 
over a network, comprising transmitting a block of code from a 
server, said block of code comprising instructions for 
implementing an entry point object for bypassing a context 
barrier on a small footprint device over a communications link, 
wherein said context barrier and said entry point object are 
included in a runtime environment and further wherein said 
runtime environment includes an operating system where said 
context barrier and said entry point are removed from and over
said operating system, said small footprint device comprising: 
at least one processing element configured to execute 
groups of one or more program modules in separate 
contexts, said one or more program modules comprising zero 
or more sets of executable instructions and zero or more 
sets of data definitions, said zero or more sets of 
executable instructions and said zero or more data 
definitions grouped as object definitions, each context 
comprising a protected object instance space such that at 
least one of said object definitions is instantiated in
association with a particular context where said separate 
contexts are included in said runtime environment and are 
removed from and over said operating system;

a memory comprising instances of objects; and 
a context barrier for separating and isolating said 
contexts, said context barrier configured for controlling 
execution of at least one instruction of one of said zero 
or more sets of instructions comprised by a program module 
based at least in part on whether said at least one 
instruction is executed for an object instance associated 
with a first one of said separate contexts and whether 
said at least one instruction is requesting access to an
instance of an object definition associated with a second 
one of said separate contexts, said context barrier 
further configured to prevent said access if said access 
is unauthorized and enable said access if said access is 
authorized. 